Two new point-of-sale threats target SMBs in the U.S.

Researchers with Trend Micro have identified two new pieces of point-of-sale (POS) malware that are affecting small and medium-sized businesses (SMB) predominately in the U.S.

One of the threats is referred to as Katrina and it was observed being advertised on underground forums since as far back as June 2015, a Monday post said.

The other threat, CenterPoS, initially resembled POS malware known as GamaPoS since both are written in the Microsoft .NET Framework and neither uses the Luhn algorithm, a method for verifying that acquired numbers are actually payment card numbers.

Both threats, however, were determined to be minor variants of a popular POS malware known as Alina.

Christopher Budd, global threat communications manager at Trend Micro, told in a Monday email correspondence that “both of these are rather derivative and derive from Alina without major innovations.”

Trend Micro observed the first infection on Aug. 25 and so far the security firm has identified 87 SMBs that have been compromised, the post indicated, noting that 77 percent of victims are from the U.S., five percent are from Taiwan, three percent are in Brazil and another three percent are in Australia.

“Most of the victims were compromised first with the Katrina PoS malware, but sometime between September 10 [and] 15, the attacker [began] shifting the installed malware from Katrina to [another POS threat known as] NewPoSThings, or from CenterPoS to Katrina,” the post said.

To stay ahead of the threat posed by these types of POS malware, Trend Micro recommended segregating POS terminals from the rest of the network and using correct access controls, as well as using application whitelisting technology.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.